The Hacks of Skype and Snapchat

These hacks were very different in that the Skype incident was the compromise of Skype’s social media presence and the Snapchat hack was user information being disclosed.

Regarding the Skype incident:

Keeping your social media accounts for your company safe and secure is not as easy as it sounds with larger organizations. Often times, it is an outsourced company that staff’s these Twitter, Facebook, Pinterest accounts and their security practices may not be up to industry standards. They often will not turn on the two-factor authentication because it assumes that a single user will be associated with the account and often times with these large online brands, there are multiple people who staff a single account and two-factor makes it almost impossible to manage.

In this case, the attacker was the Syrian Electronic Army (SEA) who wanted the visibility to make some statement. The good news (if any) is that it was easy to detect as hacktivists wish to be visible. But consider a different threat actor. What if these accounts were compromised by an advanced threat that wanted to remain hidden? This is where things could have gotten very ugly. Compromised social media accounts could be used to get your customer base (your followers) to download malware, disclose more sensitive personal information, and various other tactics that would be more difficult to detect, especially if the communication was done via direct messages and other one-on-one channels.

Back before social media was big, attackers like the Syrian Electronic Army would have come after your website in order to achieve their objective. Today, they will likely target your social media presence first, mainly because it gives them direct access to your customer base. It is critical that companies treat all of their social media credentials with the highest level of security and auditing. Having someone review the activity log once or twice daily is good practice and the only way you will be able to defend your brand in the face of the advanced threat.

Regarding the Snapchat incident:

Add another 4.6 Million user accounts compromised to the growing total in the past six months and we have a real problem on our hands. Just in the past month, it seems that the frequency of accounts compromised is so high that people have to change passwords on a weekly basis. This is not sustainable. How bad does it have to get before it starts getting better? The more users you have in your online system, the more attractive you are to the advanced threat. They will work all day and all night to penetrate your systems and in turn, you must work all day and all night to ensure that you defend your systems. At some point, product managers of these systems must prioritize security related features over all the other features in the backlog and make it happen sooner than later. Until then, there will be many more stories like this one and good luck having to change your password for an upward of 50+ accounts on a weekly basis.

It is naïve to think that any online system will reach a state of security where they no longer have to worry about the threat. The threat advances on a daily basis. The targets evolve with every release and in turn may introduce new weaknesses while eradicating old weaknesses, and everything is in flux. Having said that, it is no longer sufficient for just the software developers to understand the threat landscape, it is everyone’s responsibility. Product management should proactively socialize a persona that represents the common threat actor(s). By doing this, marketing, support, and other non-developers can all be on the same page as they continuously defend their applications and networks.